ad4d7bd80f403d5c3b3c48d5f47a3770ca99f2366e931349737cbbd73ee27405

Analysis

max time kernel
119s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-09-2024 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b37b5af6f37d14e0138d8472338aa050N.exe
Size

65KB
MD5

b37b5af6f37d14e0138d8472338aa050
SHA1

d41f91a02beb06c0acb0e259d82a1b3367376174
SHA256

ad4d7bd80f403d5c3b3c48d5f47a3770ca99f2366e931349737cbbd73ee27405
SHA512

7d73ae86864d8c1ba069c72534845c18e3b1374bd172831fbe084b866292c0a78a25539737d0fe22d3804069a1be9c7674eafe67bf0b3cbfc6911ed9c2954183
SSDEEP

768:W7BlpNLpARFbhblkYlkuvIYFdJSpXeX4AGAbehQ:W7ZNLpApCZuvIYXJSpXeX/ByhQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3122) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayenne.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Net.Resources.dll.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Monaco.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jre7\bin\jsdt.dll.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Mozilla Firefox\updater.ini.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\release.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\St_Johns.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	b37b5af6f37d14e0138d8472338aa050N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	b37b5af6f37d14e0138d8472338aa050N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b37b5af6f37d14e0138d8472338aa050N.exe

C:\Users\Admin\AppData\Local\Temp\b37b5af6f37d14e0138d8472338aa050N.exe
"C:\Users\Admin\AppData\Local\Temp\b37b5af6f37d14e0138d8472338aa050N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
65KB

MD5
f8c03bea3de36c39ab7d78b699b96d61

SHA1
4f59e9a672e1db4823793f05a2d756e6e26daccb

SHA256
f95235c0b84c6a5854a7537b365c5d2bda6e7f034704ab8982318b9c91cb6499

SHA512
d1390535baf26acb6cb00841b2143509c4701b3a0b179ce224b06902a2fec14e6227288d743e492482c363df2629e93f7cc1cf705c19d4ee742e5d40668d0c12

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
74KB

MD5
4fbc3da0308ff49bd8dfd9f83f72f7ec

SHA1
1a31e5cfe6b3ababf7c05e838aca7157d915ed64

SHA256
28c26f0bd889191fccbf990be8d6ce09a345764c60e9906f41480918947f7723

SHA512
804d7f3953b8b06f161f2f9c86d10a9b1ea549d570542ee807cd6a913536ed691e2889ef55fd6b2353905da9462186aa7447648fbf98ce26617ce5a97f6c137d

Download Submit